Bug 2362

Summary: Please add a possibility to disable IdentityFiles
Product: Portable OpenSSH
Reporter: Guilhem <guilhem>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WORKSFORME
Severity: enhancement
CC: djm
Priority: P5
Version: 6.7p1
Hardware: amd64
OS: Linux

Description Guilhem 2015-03-07 03:53:41 AEDT
For various reasons [0] one might not want to give ssh(1) access to the private key material, and force the use of the agent instead.  However, while it's currently possible to ignore the identities offered by the agent, AFAIK it's not possible to ignore identity files.

A way around is to specify a file that does not exist (e.g., ‘IdentityFile none’), but such behavior is not specified in ssh_config(5), and is also error-prone.  I suggest making ‘none’ a special argument for ‘IdentityFile’, and making it empty the list of identity files; if ‘~/.ssh/none’ is actually a genuine identity file, it would still be possible to specify it using its absolute path.


[0] https://www.debian-administration.org/users/dkg/weblog/64
Comment 1 Damien Miller 2018-05-11 13:53:19 AEST
IdentityFile=none has already supported this since OpenSSH-6.2
Comment 2 Guilhem 2018-08-30 20:50:46 AEST
Good to know, but that behavior is not documented AFAICT: https://man.openbsd.org/ssh_config.5
Comment 3 Damien Miller 2021-04-23 15:10:59 AEST
closing resolved bugs as of 8.6p1 release